Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 2 years ago

#11848 closed defect (bug) (worksforme)

bug in apache_mod_loaded()

Reported by: Denis-de-Bernardy
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.9
Component: General
Keywords: has-patch
Focuses:
Cc:

Description (last modified by Denis-de-Bernardy)

If apache functions are available, we should not return the default value in apache_mod_loaded().

as things stand, get_mod_rewrite() would return true even if apache_get_modules() says otherwise.

also, phpinfo() is part of php core.

Attachments (2)

11848.diff (813 bytes) - added by Denis-de-Bernardy 8 years ago.
11848.2.diff (838 bytes) - added by Denis-de-Bernardy 8 years ago.


Change History (14)

#1 @Denis-de-Bernardy
8 years ago

  • Description modified (diff)

tested with apache_get_modules() turned on. needs testing with it off, and with php loaded as cgi.

#2 @dd32
8 years ago

some webhosts disable phpinfo() when they don't want the users to know the details of the setup.

As crazy as it may sound.

#3 @Denis-de-Bernardy
8 years ago

patch updated to reflect that.

#4 @sivel
8 years ago

See also #11604

#5 @sirzooro
8 years ago

I think it will be good to check this path on setup with PHP Suhosin - I know that this hardening patch adds some protection for phpinfo().

#6 @Denis-de-Bernardy
8 years ago

sirzooro: I did that already. though again, with the apache loaded function. if suhosin hides the modules, or disables the function, that's fine too. it just returns the default.

my issue with the current code is that it'll return true to get_mod_rewrite() even if apache_get_modules() makes it 100% certain that mod_rewrite is not around.

#7 @ryan
8 years ago

According to [7508] we return the default on purpose. #6278 doesn't really explain why other than to note it was done to restore the previous default for got_mod_rewrite().

#8 @ryan
8 years ago

This might explain why we only rely on confirming presence (but not absence) of a mod with apache_get_modules().
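
The difference between confirming presence only and also trusting absence, as discussed in comments 6 to 8, sketched as an added example. It is not WordPress core code and not either attached patch; `example_mod_loaded()`, `$trust_absence` and `$list_modules` are hypothetical names, and the module lists are constructed sample data.

```php
<?php
// Added illustration, not WordPress core code. All names here are hypothetical.

/**
 * @param string        $mod           Module name, e.g. 'mod_rewrite'.
 * @param bool          $default       Returned when nothing can be determined.
 * @param bool          $trust_absence false: only a positive match is conclusive;
 *                                     true: a readable list without $mod means "not loaded".
 * @param callable|null $list_modules  Returns an array of module names, or null if unavailable.
 */
function example_mod_loaded( $mod, $default, $trust_absence, $list_modules = null ) {
	if ( null === $list_modules ) {
		// Real probe: apache_get_modules() only exists when PHP runs as an Apache module.
		$list_modules = function () {
			return function_exists( 'apache_get_modules' ) ? apache_get_modules() : null;
		};
	}

	$mods = $list_modules();
	if ( is_array( $mods ) ) {
		if ( in_array( $mod, $mods, true ) ) {
			return true;            // Presence confirmed.
		}
		if ( $trust_absence ) {
			return false;           // List is readable and the module is not in it.
		}
	}
	return $default;                // No usable answer (e.g. CGI/FastCGI): fall back.
}

// Constructed sample environments.
$environments = array(
	'module list with mod_rewrite'    => function () { return array( 'core', 'mod_rewrite' ); },
	'module list without mod_rewrite' => function () { return array( 'core', 'mod_alias' ); },
	'no module list (CGI/FastCGI)'    => function () { return null; },
);

foreach ( $environments as $label => $probe ) {
	$presence_only = example_mod_loaded( 'mod_rewrite', true, false, $probe );
	$with_absence  = example_mod_loaded( 'mod_rewrite', true, true, $probe );
	printf( "%-34s presence-only=%s trust-absence=%s\n", $label,
		var_export( $presence_only, true ), var_export( $with_absence, true ) );
}
```

Only the second environment gives different answers: with a default of true, the presence-only logic reports true while the trust-absence logic reports false.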


#9 @Denis-de-Bernardy
8 years ago

yeah. and hakre mentioned that in a fast cgi environment, it's pretty much impossible to detect an apache module using simple functions.

I think we should consider applying different logic for get_mod_rewrite(). Here's what I just committed to the health-check plugin:


#10 @nacin
8 years ago

Tools > Network uses both got_mod_rewrite() and apache_mod_loaded() rather effectively. I don't think we should add much more to core for this. I think the perfect place for the code in the health check plugin is the health check plugin.

#11 @nacin
8 years ago

  • Milestone 3.0 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

This ticket was mentioned in Slack in #core by chriscct7.

2 years ago
